Can you think of any company or industry today that doesn’t use computers?
It’s amazing, isn’t it?
Technology is changing the way that we do almost everything.
But technological advances aren’t all rosy.
As our companies and lives become more dependent on computers, we also become more vulnerable to attacks.
Here are 5 cybersecurity attacks that you should make sure your small business is prepared to face in 2020.
We’re going to look at how the attacks work and what you can do to prepare.
- Online Skimming
- Fileless Attacks
Phishing is probably one of the most common cybersecurity attacks hands down.
Computer manufacturers and OS providers have really started fixing the vulnerabilities in their systems.
Hacking a router, for example, is not nearly as easy as it was 25 years ago.
And here’s something about attackers that you may not be aware of – they take the path of least resistance.
Today, most of the time, the weakest path into an organization’s systems is human.
There are multiple reasons for this, but perhaps one warrants further discussion.
How cloud technologies have helped make phishing attacks more successful
I don’t have to convince you that companies use cloud technologies a lot these days.
Your marketing and CRM system is in Salesforce.
Your email is in Office 365.
All you have to do to access these accounts is log in.
But that’s all the attackers have to do as well.
They don’t need to be able to connect to your VPN and tunnel deep into your network anymore.
I think this is one of the reasons that we see so many more breaches these days.
Phishing attacks come in many forms.
In its simplest form, a phishing attack is a type of cybersecurity attack in which attackers try to deceive someone at your organization into doing something detrimental.
This could be clicking a link that takes you to a malicious website.
Or they may send you to a fake portal of some kind to get you to log in so they can steal your password.
They may even try to fool you into installing some kind of software or app that is actually malicious.
These kinds of attacks are so successful that KnowBe4’s research has found that nearly 97% of cybersecurity attacks today involve social engineering of some kind.
With numbers like that, I’d say that this is one attack you can’t ignore.
Phishing Attack Prevention Tips
Security Awareness Training
One of the best ways to stop your employees from being victims of phishing attacks is to bring awareness to the situation.
In the past, this often meant annual meetings with a boring training lecture.
But today’s security awareness training platforms make the job of educating your employees so easy.
These solutions have put together massive libraries of short, effective training videos that you can send periodically to your employees.
KnowBe4 is one of the leaders in this space and an agency that we have partnered with to provide this training.
But if your organization is small, Wizer training is a completely free training solution.
Getting login information is often the target of phishing attacks.
If an attacker can fool you into visiting a fake login page and “logging in” they’ve got you.
Believe me, it’s not hard to do.
We nearly always get credentials while on penetration tests.
One thing that you can do to make it harder for the attacker to use your credentials is to use multi-factor authentication (MFA).
MFA adds a step to your login process.
This could be sending you an SMS message with a code, or using a revolving code from an app on your device.
There are multiple methods, but they all make it harder for an attacker to gain access to your accounts.
Have your employees enable MFA on all of their accounts.
This will definitely help reduce the number of successful cybersecurity attacks against your organization.
Ransomware is definitely one of the cybersecurity attack methods that has received the most attention for the last several years.
Unfortunately, I don’t believe that we’ve seen the end of ransomware attacks either.
In fact, Trend Micro found that there was a 77% increase in ransomware attacks in 2019 vs 2018.
Just in case you’re not familiar with the term ransomware:
Ransomware is a type of malware in which an attacker spreads the malware through a network.
The malware encrypts all of the files on systems and demands a payment to get access to encryption keys to decrypt the files.
As you can imagine, this can be devastating for organizations.
Just imagine coming to work one day and all of your files are useless – you’d likely be unable to work.
Throughout 2019, we’ve seen several very alarming trends with ransomware and other cybersecurity attacks.
One trend that has been rather controversial is that more organizations have been paying ransom payments to retrieve their data.
This could be because more organizations have added cyber coverage to their insurance policies.
Thus when ransomware cripples their organizations, they are advised to simply pay.
The overall pay or don’t pay argument has become quite controversial for one simple reason – paying the ransom helps the perpetrators improve and continue.
Gandcrab, one of the worst ransomware strains in 2019, is a good example.
It earned over $2 billion!
We have also seen an increase in the sophistication in the methods used to distribute ransomware.
Historically, social engineering played a big part in ransomware being installed at an organization.
An email was sent with a link in it, or something was done to get the individual to take an action.
This has changed with some recent attacks where attackers gained access to the company’s networks before even deploying their attacks.
Tips for preventing ransomware attacks
Keep software updated
It can be quite annoying when you get the notification – your computer needs to run updates.
But they are an important part in preventing ransomware and other cybersecurity attacks.
Having backups in place
One of the best ways to be sure that your organization isn’t forced to pay ransom payments is to have backups of all of your files and computers in place.
We always recommend a multi-location strategy.
That is, have an onsite backup using a system like Veeam (free) and then one or two cloud backups.
What you need to think about with cloud backups is the time it will take to download all of your files – that could be months depending on your internet speed and the amount of data you have.
Choose a backup provider that will ship all of your data on hard drives should you need it.
Train your employees
Social engineering is still one of the predominant ways that attackers get ransomware onto your systems.
Training your employees to spot phishing, spear phishing, and other social engineering attacks can end up being a life-saver for your company.
SMBs sometimes don’t invest in training, but it’s really one of the security controls with the highest ROI.
Wizer is an excellent training source for SMBs that’s completely free.
For the last few years, the most common cybersecurity attack methods have alternated between ransomware and cryptojacking.
In case you aren’t familiar with this type of attack, though, let’s explain.
What is cryptojacking?
Cryptojacking is a type of cyber attack in which the attacker uses the victim’s computing power to perform complex mathematical calculations that mine cryptocurrency. The two most common cryptojacking methods are via the browser or via scripts that are run on the computers.
There actually appears to be a correlation between the price of cryptocurrencies and the number of cryptojacking attacks.
When cryptocurrency prices are higher, cryptojacking attacks increase as well.
Makes sense, right?
One other important thing to keep in mind about cryptojacking attacks is that attackers like them because of the low risk.
With ransomware attacks, victims know when they’ve been attacked.
There’s also a greater sense of emotion surrounding ransomware attacks.
Have you noticed that people seem to make a big deal about them?
We get all kinds of sensational headlines…
Other malware types, by contrast, aren’t as sensational.
IBM X-Force attributes this to the more “in-your-face” approach of ransomware.
Anyhow, this has made some attackers choose cryptojacking over ransomware.
Tips for preventing cryptojacking attacks
For the most part, there are a few basic steps you can take to be sure that your organization doesn’t fall victim to cryptojacking attacks.
- Install ad blocker
- Keep everything updated
- Block IP addresses and URLs of known cryptojacking sites
- Educate users to identify signs of an infection
Digital skimming is a somewhat new type of cybersecurity attack that has hit ecommerce hard in the last few years.
If your organization does any kind of online selling, you should take serious precautions to avoid falling victim to it.
Background – physical skimming
Historically, criminals used physical skimming devices at places where payment cards are used.
Gas stations, ATMs, etc.
The skimmers copy all of the payment card data as people swipe them.
Then, the criminal would have to come retrieve the skimmers and the data at some point.
The recent skimming attacks that we have heard about (British Airways, Newegg) are quite different.
These types of attacks work like this:
First the attacker gains access to the target website.
This could be either via infrastructure or third party code dependencies.
For the first method, they find some vulnerability in the website itself or the infrastructure the site is hosted on.
Once the attackers are able to gain access, they add a short script that does the skimming.
For the third party attack method, the attackers target some code base or third party app.
In this case, the malicious script will be propagated to anyone using the service or code.
Preventing Digital skimming
The real way to prevent digital skimming attacks is to keep your website secure and limit domain-to-domain communication.
If your site uses third-party code, be sure to keep it updated.
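One way to check how well a page limits domain-to-domain communication, as an added example that is not from the original article: the script below audits a page's Content-Security-Policy header and flags third-party scripts loaded without a Subresource Integrity attribute. The HTML, hosts and policies are constructed samples, and `audit` is a hypothetical helper.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

WEAK_SOURCES = {"*", "http:", "https:", "'unsafe-inline'"}


class ScriptCollector(HTMLParser):
    """Collect (src, has_integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], bool(a.get("integrity"))))


def parse_csp(header):
    """Map each directive to its source list; the first occurrence wins."""
    parts = [p.split() for p in header.split(";") if p.strip()]
    return {p[0].lower(): p[1:] for p in reversed(parts)}


def audit(html, csp_header, site_host):
    """Report weak load/send limits; form-action never inherits default-src."""
    policy, findings = parse_csp(csp_header), []
    for directive in ("script-src", "connect-src", "form-action"):
        fallback = None if directive == "form-action" else policy.get("default-src")
        sources = policy.get(directive, fallback)
        if sources is None:
            findings.append(f"CSP: {directive} is not restricted")
        elif WEAK_SOURCES & set(sources):
            findings.append(f"CSP: {directive} allows {' '.join(sources)}")
    collector = ScriptCollector()
    collector.feed(html)
    for src, has_integrity in collector.scripts:
        host = urlparse(src).hostname  # None for same-site relative paths
        if host and host != site_host and not has_integrity:
            findings.append(f"SRI: no integrity on third-party script {src}")
    return findings


# Constructed sample inputs; all hosts are hypothetical.
SAMPLE_HTML = """<script src="/js/checkout.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://widgets.example.org/chat.js"></script>"""
WEAK_CSP = "default-src *; script-src * 'unsafe-inline'"
TIGHT_CSP = "default-src 'self'; script-src 'self' https://cdn.example.net; form-action 'self'"
```

Running `audit(SAMPLE_HTML, WEAK_CSP, "shop.example.com")` returns four findings, while the tight policy leaves only the unpinned third-party script.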
Fileless Malware Attacks
Fileless attacks are something that you should take very seriously.
These attacks used to be limited to the skill levels of nation states.
However, over the past few years, they have become much more mainstream and have been used in commercial attacks.
Having done pen testing myself, I have to say, it’s not very easy to evade antivirus and anti-malware software.
They’ve gotten pretty good over the years.
Thus, attackers are turning to “fileless malware.”
How fileless attacks work
Essentially, fileless cybersecurity attacks use software and scripts already installed on a computer to negatively impact the devices.
PowerShell is a great example of this.
It can be used to wreak devastating attacks on a network.
And because it’s legitimate software, it can very easily go undetected.
Other common targets for these attacks are Office Macros and PDF reader vulnerabilities.
Preventing fileless attacks
Stopping these attacks requires much more than traditional antivirus solutions.
Instead, organizations should look into implementing EDR solutions (Endpoint Detection and Response).
EDR uses a combination of machine learning and behavioral analysis to detect next-generation attacks.
For example, an organization can use some EDR solutions to baseline their employee behavior.
Then, when something occurs that is not in the users’ ordinary work patterns, an alert can be created.
This is one of the only effective ways to continuously prevent fileless attacks.
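The baselining idea described above, reduced to its core as an added example (not from the original article and not any EDR vendor's logic): learn which parent and child process pairs each user normally produces, then score new events that fall outside that pattern. The event fields, process lists and sample events are constructed assumptions.

```python
import re
from collections import defaultdict

DOC_APPS = {"winword.exe", "excel.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# -EncodedCommand and its common abbreviations (-e, -ec, -enc, ...).
ENCODED_FLAG = re.compile(r"\s-(e|ec|en\w*)\s", re.IGNORECASE)


def ev(user, parent, child, cmd):
    """Build one process-creation event (hypothetical field names)."""
    return {"user": user, "parent": parent, "child": child, "cmd": cmd}


def build_baseline(events):
    """Learn which parent -> child process pairs each user normally produces."""
    baseline = defaultdict(set)
    for e in events:
        baseline[e["user"]].add((e["parent"].lower(), e["child"].lower()))
    return baseline


def score(event, baseline):
    """Return (severity, reasons) for one process-creation event."""
    parent, child = event["parent"].lower(), event["child"].lower()
    reasons = []
    if (parent, child) not in baseline.get(event["user"], set()):
        reasons.append("pair not in user's baseline")
    if parent in DOC_APPS and child in SCRIPT_HOSTS:
        reasons.append("document app spawned a script host")
    if child == "powershell.exe" and ENCODED_FLAG.search(event["cmd"] + " "):
        reasons.append("encoded PowerShell command line")
    return ("none", "low", "medium", "high")[len(reasons)], reasons


# Constructed sample telemetry: a learning period, then new events to score.
HISTORY = [
    ev("alice", "explorer.exe", "WINWORD.EXE", "WINWORD.EXE report.docx"),
    ev("bob", "explorer.exe", "powershell.exe", "powershell.exe -File backup.ps1"),
]
NEW_EVENTS = [
    ev("bob", "explorer.exe", "powershell.exe", "powershell.exe -File backup.ps1"),
    ev("alice", "WINWORD.EXE", "powershell.exe",
       "powershell.exe -NoProfile -enc PLACEHOLDER"),
    ev("alice", "explorer.exe", "powershell.exe",
       "powershell.exe -ExecutionPolicy RemoteSigned -File inventory.ps1"),
]
```

Scoring `NEW_EVENTS` against the baseline gives none, high and low: bob's routine script is ignored, a document spawning encoded PowerShell is escalated, and alice's first-ever PowerShell use is a low-severity deviation.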
Cybersecurity attacks are definitely evolving.
The preventative measures that were sufficient five years ago aren’t any longer.
It’s important that organizations adapt their cybersecurity programs to emerging threats.
If your organization takes steps to prepare for these 5 kinds of cybersecurity attacks, you will be much better prepared to face 2020.